untaint and linkpage the page name used in attachment holding directory

1 files changed, 2 insertions, 1 deletions

diff --git a/IkiWiki/Plugin/attachment.pm b/IkiWiki/Plugin/attachment.pm
index f46388948..f4bfbe98f 100644
--- a/IkiWiki/Plugin/attachment.pm
+++ b/IkiWiki/Plugin/attachment.pm
@@ -150,7 +150,8 @@ sub formbuilder (@) {
 sub attachment_holding_dir {
 	my $page=shift;
 
-	return $config{wikistatedir}."/attachments/$page";
+	return $config{wikistatedir}."/attachments/".
+		IkiWiki::possibly_foolish_untaint(linkpage($page));
 }
 
 # Stores the attachment in a holding area, not yet in the wiki proper.